Crypto Token Kit API

In Yosemite (Mac OS X 10.10) Apple introduced a new API to access smart cards. See OS X Yosemite and smart cards status.
This API is not a wrapper above PC/SC. It is the native API to be used on macOS. You do not need to install it, it comes with the OS.

Since PC/SC is not used here the blog title may be misleading. So I used " " around PC/SC this time.

Source code

Create a new Cocoa application in Xcode. You need to enable the App Sandbox and add/set the com.apple.security.smartcard entitlement to yes.

My sample HellloWorld application does not use Cocoa. It is a text only application.

Conclusion

In general, I prefer to use synchronous calls. So the possibility to use a synchronous sendIns: method is nice.
Depending on your needs, the CryptoTokenKitTKSmart​Card API offers you the choice between a synchronous or asynchronous version.

Tuesday, March 14, 2017

TC2 - Specific to T=0

If present in the Answer-to-Reset, the interface byte TC2 encodes the waiting time integer WI over the eight bits, except the value '00' reserved for future use. If TC2 is absent, then the default value is WI = 10.

Smart Card Connector

It allows to use the PC/SC API from a JavaScript application in a Chromebook. The project is a port of pcsc-lite, libccid and libusb to ChromeOS and is available at chromeos_smart_card_connector under the Apache v2 license.

I do not have a Chromebook myself but it is possible to use the Chrome browser instead (with some limitations).

Installation

You should see the "Smart Card Connector" application in your chrome://apps/.

If you click on the application icon you should see something like:

Since the "Smart Card Connector" application completely replaces pcsc-lite and the CCID driver the normal pcsc-lite provided by the system must be stopped. See "Troubleshooting Apps under desktop OSes" to know how to stop pcscd.

Remarks

This API is very verbose and low level. You can compare it to the node-pcsclite project API, also in JavaScript, I used in a previous article "PCSC sample in JavaScript (Node.js)".

The API uses a lot of call back functions. But that is not surprising for a JavaScript code.

Installation

To install the application in Chrome go to chrome://extensions/ and click on the "Load non packaged extension" button (label translated from French so the real English text may be different) and select the root directory of the sample application.

You should then see a new "Hello World PC/SC" extension in the list. Click on the "Run" link to start the extension. A new window should be created as displayed in the Output section bellow.

Output

Conclusion

This API is useful mainly/only on Chromebook computers. I guess it is the only smart card interface for this kind of computer.

If you know a PC/SC wrapper that is not yet in my list then please contact me.

The value "5B 8F" is just the 2 first bytes returned by the card. The other 30 bytes and the status word (SW) are lost.

I note that if I use the values 0 or 1 for length then SCardTransmit() correctly returns SCARD_E_INSUFFICIENT_BUFFER. So the Sierra code has a check to reject a buffer of smaller than 2 bytes. The code should check the given size compared to the real card answer.